Scrapkut worm fast targeting Orkut users

NEW DELHI: Online social networks have been a fad for some time now. But, before you leave some more smart scraps on the global social networks, beware of the bugs. The pesky malicious mails and spams have hit the social networking sites and could potentially sour your relationship (both online and offline!) with that someone special in the virtual world.

Your love for scrapping and watching videos Orkut, a social networking site, may end up sending malicious mails from your login to anyone. A worm named Scrapkut is fast targeting Orkut users.

Taking note of the problem, the cyber security wing of the department of information technology (DIT) has suggested all Orkut users refrain from downloading any links posted on Orkut. A malicious scrap message is posted to victim���s scrapbook containing a fake link to YouTube video looking as if it is from a known member of its friend list. When the victim clicks on the link, it���s redirected to some malicious website which prompts you to download the file ���flashx_player_9.8.0.exe��� disguised as a flash upgrade. And the victims whole system comes under the virus attack. The active Orkut virus was tracked on Friday last week while other viruses have been active on several other social networks for a few weeks now.

Similar attacks on Facebook, MySpace and Yahoo! MediaGrid have also come to light in recent weeks. On Facebook and MySpace, the user may be caught unawares while uploading photographs. After executing the malicious binary code, disguised as flash memory, the Scrapkut virus downloads further binaries-windosre-mote.exe, logservicess.exe and win32chekupdate.exe - to perform malicious actions on victim system. The downloaded file logservicess.exe copies itself as maindwxp.exe to different locations to ensure its execution on every start-up of infected system.

So, when a user visits Orkut and starts a session from the infected system, maindwxp.exe injects Javascript code into the active Orkut web session and executes in context of the Orkut domain and user authenticated session. The execution of the binary results in malicious scrapbook entry in all victims��� friends. Simply put: you are under virus attack and your friends end up getting fake mails (ones you never sent) from you.

And here���s how you can protect yourself: The cyber security wing of the DIT has advised net users to remain cautious while visiting any link provided in Orkut, keep up-to-date patches and fixes on the operating system and application software, keep up-to-date antivirus and antispyware signatures and most important of all not visit untrusted websites.

The department has also tracked a virus which is targeting websites connected with ActiveX (a control system for websites). The main sites being affected by the virus are Yahoo! MediaGrid ActiveX control, YMP Datagrid ActiveX control and image uploader used by Facebook and MySpace.

Cyber criminal may use the binary system available on internet to get in your system and get control of your passwords. The hackers would also be able to use the victim���s logins without his knowledge. The hackers are using HTML e-mail message and attachments to get into the vulnerable systems.

As a precaution the users may use the automatic update functionality of the Yahoo! Media Jukebox software, or install updated version of Yahoo! Media Jukebox software. The other option may be to get the ActiveX system disabled from the Internet zone while visiting untrusted websites.So, before you take another dive into or reply to that tempting scrap, watch out for the Trojan���s.